×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

295 comments

heh (2, Funny)

Anonymous Coward | more than 5 years ago | (#25849977)

be careful where you stick in the USB stick.. :)

This isn't alarming... (4, Insightful)

Hahnsoo (976162) | more than 5 years ago | (#25849993)

This sounds like common sense. Seriously. Several years ago, a military bud of mine said that the worst threat to their security is the USB flash drive.

Re:This isn't alarming... (1)

Brett Buck (811747) | more than 5 years ago | (#25850025)

Absolutely - our internal company network has banned personally-owned USB drives in DoD closed areas for years. It's obvious.

        Brett

Re:This isn't alarming... (2, Interesting)

ShieldW0lf (601553) | more than 5 years ago | (#25850337)

That's all well and good, but it's not going to stop grunts from using them to look at porn in the field. If I was going to do a cyber attack on the DoD, I'd be leaving virus infected DVDs full of porn lying around in occupied areas. You're pretty much guaranteed that it'll get passed from person to person.

Re:This isn't alarming... (4, Informative)

Creepy Crawler (680178) | more than 5 years ago | (#25850843)

It needs to be said:

In linux, one can remove exec permissions from a whole device via the noexec switch in /etc/fstab .

Re:This isn't alarming... (1)

i_ate_god (899684) | more than 5 years ago | (#25851083)

It needs to be said:

There is no technological defense against PEBKAC.

I'm still not entirely against the idea of a license for internet use. By "not entirely" I mean my idea of a license would never get used since it'll get abused.

My idea is simply, get a license that says you know about the dangers, and you have demonstrated a basic understanding on how to avoid them. When you sign up for internet service, provide license number and you get an account.

If my idea were taken into consideration though, it'll turn into some sort of spy network eventually.

Nonetheless, PEBKAC remains the most troubling security hazard there is, and the only way to fight it is through education and punishment. Education is most important of course. Punishment is pointless without education FIRST, and the punishment should fit the crime, regardless of how big the victim is.

eg: if someone lets their computer get compromised, then that computer is shown to be used in a DDoS attack that costs CNN $2.2 billion in lost revenue, then the punishment should still be the same if the target was Slashdot and Slashdot lost $2.2 million. Fine the person and be done with it. Use the money to further technological common sense education for the masses.

In my utopian world, everyone has basic understanding. I do not expect anyone know what IP stands for, I do expect everyone to understand the dangers of opening email attachments and being able to tell whether a link is genuine or not.

Re:This isn't alarming... (0, Redundant)

Ahnteis (746045) | more than 5 years ago | (#25851139)

>>Mod parent up! [a] by Anonymous Coward (Score:1) Thurs, Nov 31, @13:

Your SIGNATURE is a request for a mod up? That's just pathetic.

Re:This isn't alarming... (1, Insightful)

Anonymous Coward | more than 5 years ago | (#25851203)

Nothing sadder than a sig that is a desperate cry for attention.

Re:This isn't alarming... (0)

Anonymous Coward | more than 5 years ago | (#25850239)

No kidding. My boss once took a computer into work from his church. Plugged it into the network. When my harddrive on my computer went nuts it didn't take me many seconds to see it came from that computer. Any source that comes from outside the network one way or the other is a potential danger.

Re:This isn't alarming... (1)

JCSoRocks (1142053) | more than 5 years ago | (#25850271)

I've always felt the same way. For a long time our company was able to control the risk of data walking out the door by limiting who had CD burners. Nothing worth taking could fit on a floppy...

Unfortunately, we haven't updated our policies and anyone could bring or take anything. Firewalls and e-mail scanning are all designed to protect anything from outside coming in... those don't work so well when someone just slaps a thumbdrive with the latest worm in their machine. 'Cause lets be honest - no matter how good your virus scanning is they're always playing catchup. If you get something before there's a new virus definition for it - you're screwed.

Re:This isn't alarming... (1)

richlv (778496) | more than 5 years ago | (#25850677)

um, i'm not. i'm not really afraid sticking whatever cd or usb drives to my computer - and i haven't run antivirus for 7 or so years. ok, the same goes for windows...

We had this problem... (3, Informative)

RulerOf (975607) | more than 5 years ago | (#25850421)

Only it was with people bringing in docx files and expecting to use them with OpenOffice and blaming the IT department when it wouldn't work. So I followed some guides and wrote a script, threw it up in a GPO and now only Admins can use USB storage.

The procedure is a HUGE pain in the ass (you need to modify ACL's on registry keys and the whole 9 to cover all angles) but scripted it was as simple as "USBStorage.exe </enable|/disable>" in a logon script.

I think it took all of two hours.

Re:This isn't alarming... (1)

azuredrake (1069906) | more than 5 years ago | (#25850629)

Yeah, it's pretty ridiculous that DoD is only now banning external media on their premises, when that's been standard operating procedure in the video game industry for years. Let's see, what matters more... the next year's copy of Madden, or the next Patriot missile specs?

*facepalm*

Re:This isn't alarming... (0)

Anonymous Coward | more than 5 years ago | (#25850833)

VA already did this. Why is VA leading DOD in network security?

(AC for job preservation purposes)

Auto-infect (4, Insightful)

robo_mojo (997193) | more than 5 years ago | (#25850015)

Sounds like someone forgot to disable auto-run.

Re:Auto-infect (1)

talz13 (884474) | more than 5 years ago | (#25850063)

Yeah, I always disable it. I don't know how far it goes to stemming the flow of all kinds of malware, but it makes me FEEL safe, and that's what really matters, isn't it?

Re:Auto-infect (3, Insightful)

Nerdfest (867930) | more than 5 years ago | (#25850419)

It's quite sad that you need to with most (all?) versions of Windows. This should be the default state, especially with viruses coming right from the factories in digital picture frames, etc.

Re:Auto-infect (2, Interesting)

supernova_hq (1014429) | more than 5 years ago | (#25850619)

While I agree with you (I disable it on ALL my systems), just image Joe Bob phoning Blizzard bitching that noting happened when he put the CD in the drive!

But then again, I also believe that banking sites should authenticate to YOUR private key, that credit cards should have rolling pins and that it should be illegal to run windows on anything that handles security or financial information...

While all these ideas seem sane, practical and necessary to me, the average person would become irate when they find out they can't just use the last 4 numbers of their phone number for their windows machine, bank pin, corporate login system and the key to their child's soul!

Re:Auto-infect (1)

redxxx (1194349) | more than 5 years ago | (#25850841)

Isn't the default, on all recent version of windows, to ask the user what to do and only autorun when expressly told to do so?

Like, XP sp3, and all versions of vista and 2003/8 server.

That's what happens whenever any of my computers see a new drive, at least. I don't recall doing any sort of configuration to cause that to happen.

It's not intuitive how to disable AutoRun (5, Informative)

WD (96061) | more than 5 years ago | (#25850755)

Forgot to disable AutoRun, perhaps. But actually, it's quite non-intuitive how to disable AutoRun in Microsoft Windows. There are several options, and none of them (and even all of them combined) will disable AutoRun and AutoPlay features in their entirety. In fact, up until recently, Windows Vista had the logic reversed for one of the AutoRun features! i.e., if you take the effort to disable the AutoRun feature, you actually put yourself at more risk. More details here:
http://www.kb.cert.org/vuls/id/889747 [cert.org]

But luckily, there is a single registry value that can disable AutoRun at its core. Once this change is made, Windows will not interpret the Autorun.inf file on any device, effectively disabling AutoRun for all devices, including USB drives, network shares, and more. Get the scoop here:
http://www.cert.org/blogs/vuls/2008/04/the_dangers_of_windows_autorun.html [cert.org]

war games, skynet...prophecy? (0)

Anonymous Coward | more than 5 years ago | (#25850051)

"DO YOU WANT TO PLAY A GAME?"

I'll be over in the bomb shelter quivering....CYA...

They're just ignoring the real problem (0, Flamebait)

Anonymous Coward | more than 5 years ago | (#25850055)

Microsoft Windows.

Re:They're just ignoring the real problem (5, Insightful)

idiotwithastick (1036612) | more than 5 years ago | (#25850079)

Do you honestly think that foreign intelligence agencies won't write Linux or Macintosh viruses if it would get them into the DoD network? The OS might be part of the problem, but users are the much bigger one.

When you put something in a locked box (3, Insightful)

Ungrounded Lightning (62228) | more than 5 years ago | (#25850577)

Do you honestly think that foreign intelligence agencies won't write Linux or Macintosh viruses if it would get them into the DoD network?

When you try to protect a secret by putting in in a locked box, do you put it in a steel box with a good combination lock? Or do you put it in a cheap transparent plastic box with a lock that can be picked by a safety pin and hundreds of holes and little doors that can be opened even more easily?

Yes Linux, MacOS, and even OpenBSD aren't absolutely impregnable. But Windows has a decades long track record of holes (some unfixable) and a multibillion dollar malware industry built on exploiting them. The fewer holes you start with the easier it is to close them.

Essentially ANY military function is a security issue. For a person with any level of IT expertise to put such functions on Windows platforms is, IMHO, either a level of incompetence suitable for dishonorable discharge or of malice meeting the definition of treason.

Re:When you put something in a locked box (1)

KillerBob (217953) | more than 5 years ago | (#25850769)

When you try to protect a secret by putting in in a locked box, do you put it in a steel box with a good combination lock? Or do you put it in a cheap transparent plastic box with a lock that can be picked by a safety pin and hundreds of holes and little doors that can be opened even more easily?

The answer really depends on what kind of other security measures you're placing on the box, and how accessible it is. If the transparent plastic box with a lock that can be picked with a safety pin is floating on a rock island in the middle of the caldera of an active volcano, it'd be less vulnerable to security breech than the steel box if it's left sitting on the sidewalk at Times Square.

The military networks are most certainly hardened against intrusion. With proper security measures installed, and with decent firewalls and traffic monitoring on both the outbound and the inbound, and with intelligent account restrictions in place, then Windows can be made just as secure as any other OS. This is just a case of somebody sleeping on the job when they were setting up user rights.

Re:When you put something in a locked box (1)

gr8scot (1172435) | more than 5 years ago | (#25851165)

When you try to protect a secret by putting in in a locked box, do you put it in a steel box with a good combination lock? Or do you put it in a cheap transparent plastic box with a lock that can be picked by a safety pin and hundreds of holes and little doors that can be opened even more easily?

The answer really depends on what kind of other security measures you're placing on the box, and how accessible it is. If the transparent plastic box with a lock that can be picked with a safety pin is floating on a rock island in the middle of the caldera of an active volcano...

It isn't. Somebody obviously got in, either by socially engineering a soldier or by being a double agent.

The military networks are most certainly hardened against intrusion.

Hardened? Is this about placing the aforementioned plastic box into a steel vault?

With proper security measures installed, and with decent firewalls and traffic monitoring on both the outbound and the inbound, and with intelligent account restrictions in place,

... including prohibiting external storage devices,

... then Windows can be made just as secure as any other OS.

Re:When you put something in a locked box (1)

BlackSnake112 (912158) | more than 5 years ago | (#25850837)

Do you actually think the DOD only uses windows?

On an interview (so nothing was signed) we talked about having 6 different computer systems that needed the info from each simulation. The data had to be in 6 completely different formats after each run. None of the systems were windows.

In the DOD offices maybe there are windows machines. In the research/test areas I'd be surprised if there were windows based machines.

Re:They're just ignoring the real problem (4, Interesting)

diegocgteleline.es (653730) | more than 5 years ago | (#25850713)

There's no way you can automatically run code on a Linux computer by inserting a USB flash drive. It's just not possible. Those virus happen only because of Yet Another Windows Design Mistake - autorun.inf files that run executables.

This has been a problem for years. Make a program that deletes all the files in a system. Put it into a CD along with a autorun.inf file. Burn the CD, don't write anything on it, and leave it near the office of someone you hate. At some point the guy will insert the CD just to check what's there. Boom. The virus will run automatically as soon as the CD is inserted.

And there're more posibilities, like making a virus executable have a carpet icon. Since Windows hides extensions by default, people will double click the virus because they will think it's a carpet.

These things can't happen in Linux (well, not really true, they can happen thanks to the shitty .desktop files that get "interpreted" by file managers even if they don't have execution +x permissions)

Re:They're just ignoring the real problem (4, Funny)

diegocgteleline.es (653730) | more than 5 years ago | (#25850821)

d'oh, were I write "carpet" I obviously wanted to say "folder". "Folder" is translated to spanish as "carpeta", and I always confuse them.

Re:They're just ignoring the real problem (1)

seeker_1us (1203072) | more than 5 years ago | (#25850957)

Do you honestly think that foreign intelligence agencies won't write Linux or Macintosh viruses if it would get them into the DoD network? The OS might be part of the problem, but users are the much bigger one.

Oh they would write the viruses, but there are things like SELinux that protects against them even if installed at root.

And Linux can be a hell of a lot more secure than windows because you control what is running (you want no services? No problem). You can control the firewall rules completely. The list goes on.

The obvious solution (4, Insightful)

DesScorp (410532) | more than 5 years ago | (#25850095)

Chuck Windows, and adopt Unix. I realize there are some possible implications of using Linux because of the GPL, but then use BSD. There are bright Comp Sci guys in the military and DOD. Customize a military Unix, and use it throughout all the services. In fact, I think it's long past time DOD did this. With the computerization of everything from planes to ships, now's a smart time to do it. There's no way Windows should be running a ship of war.

Re:The obvious solution (1)

gad_zuki! (70830) | more than 5 years ago | (#25850269)

You can have windows, but you cant have windows and running as administrator 24/7, the same way you cant have linux and running as root 24/7. If this is the same trojan from that wired.com article then it doesnt work without admin rights. Autorun will attempt to run it, but when it tries to write to the machine registry and to c:\windows then its just going to fail.

>here are bright Comp Sci guys in the military and DOD.

They might have bright coders but if their sysadmins are letting them run as local admins then they have a pretty big problem.

Re:The obvious solution (1)

bigredradio (631970) | more than 5 years ago | (#25850375)

I think you misinterpret the needs of the DOD. In cases where important systems are in place they use UNIX. It's all the systems running outlook, MSWord, visio and other office products that are to blame. Tough part is, (even I have used it for years) OpenOffice is just not ready for the common user. Or better yet, the common user is not ready for OO or any OS other than Windows. Just transitioning them to [ add flavor of ubuntu here ] is not that easy.

Re:The obvious solution (1)

BearGrylls (1388063) | more than 5 years ago | (#25850553)

I'm going to go ahead and assume they are running unix. (On the back end) Think of the Id10t errors you'd get trying to switch an entire operation over to a new platform. We'd accidentally nuke something before we knew what happened.

Re:The obvious solution (2, Insightful)

ZackZero (1271592) | more than 5 years ago | (#25850635)

Disclaimer: IAAS (I Am A Sailor)

Windows does NOT run a ship of war; I cannot say exactly what operating systems are used on the critical components (i.e. NOT shipboard LAN)but can say that they are a derivative of Unix. They are always kept in secured spaces and cannot simply be infected with a worm or virus. They're not even connected to the Internet.

The issue affects workstations kept on-land, and is likely covering those that are marked unclassified. Those are the ones running Windows - and I'll say it now, DoD should've gotten a contract with Apple.

Re:The obvious solution (0)

mangu (126918) | more than 5 years ago | (#25850851)

Windows does NOT run a ship of war; I cannot say exactly what operating systems are used on the critical components (i.e. NOT shipboard LAN)but can say that they are a derivative of Unix

Then I suggest that you go and correct Wikipedia [wikipedia.org] . It's clearly stated there that "The ship was equipped with a network of 27 dual 200 MHz Pentium Pro based machines running Windows NT 4.0 communicating over fiber-optic cable with a Pentium Pro based server. This network was responsible for running the integrated control center on the bridge, monitoring condition assessment, damage control, machinery control and fuel control, monitoring the engines and navigating the ship."

Re:The obvious solution (2, Informative)

SubmersibleJester (1124869) | more than 5 years ago | (#25850649)

Windows doesn't run a ship of war. Some flavor of Unix (Solaris, HP-UX) or Linux (custom or RedHat) are used for all Command and Control computers. Windows is just used for office work and such. So logistics and paperwork are suffering, but thats it

Re:The obvious solution (1)

at_slashdot (674436) | more than 5 years ago | (#25850657)

What problems should GPL pose to DOD? I mean even it they modify the code they don't even have to release the modification unless they distribute the code, but if they only use it in DOD they are covered they don't have to release any modification.

Re:The obvious solution (0)

Anonymous Coward | more than 5 years ago | (#25851107)

Good job calling this fool out. It's just typical GPL FUD.

Re:The obvious solution (1)

BlackSnake112 (912158) | more than 5 years ago | (#25850903)

Only using one OS would be a bad idea. One OS == only one thing to crack. Better off using a mix of a few operating systems. harder to take down all of them with one single hack.

Maybe they can use.. (1, Insightful)

Anonymous Coward | more than 5 years ago | (#25850105)

Maybe they can use one of their $20,000 screwdrivers to remove the USB jacks. Or better yet have the manufactures disable them in the hardware or remove them when they are purchased.

Banning media doesn't work, you have to break the method for using it. You're just going to get some guy who thinks he's good with computers and he's immune to viruses because he's "a tech" and when he plugs his flash drive in the same things going to happen.

Re:Maybe they can use.. (1, Interesting)

Anonymous Coward | more than 5 years ago | (#25850293)

Some networks fill USB ports with epoxy to disable them. Since valid devices (mouse, keyboard) are moving to USB connections, some sites are moving to software based solutions that only allow certain device types (mouse, keyboard) while denying others (mass storage, camera, etc...).

As someone who has administered a classified demonstration network for my company, the policy for our lab was that anything attached to the network was approved by the security officer and connected by the approved system administrators. Any removable media with unclassified media was scanned on a dedicated system before being used on the classified system, and even then, only the system administrator was authorized to load the media. Unclassified removable media is not permitted within the secured facility (so leave your iPods, USB drives, etc... in the car). All CD/DVD devices were disabled and only administrators had access to a system where media could be loaded (after all the approval and scanning processes were completed).

Mij

Re:Maybe they can use.. (0)

Anonymous Coward | more than 5 years ago | (#25850675)

They didn't just ban the media, they have disabled the USB ports entirely on all workstations and servers.

Of course as one can still load and burn CDs it's still rather pointless. Less convenient so perhaps it's something of a hindrance.

Re:Maybe they can use.. (1)

Whorhay (1319089) | more than 5 years ago | (#25851121)

According to my enlisted friends their flash drives and optical drives are just not useable now by a non-admin user. If you insert a usb device like a flash drive or an optical disk the computer just refuses to recognize it. They didn't just disable the USB controllers though because most of the keyboards and mice as well as CAC readers are usb devices and they still function properly.

try this.. (0)

Anonymous Coward | more than 5 years ago | (#25850111)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff

Re:try this.. (5, Funny)

Cajun Hell (725246) | more than 5 years ago | (#25851099)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=dword:000000ff

That's the whole problem with you Linux dorks! People shouldn't have to get down to that level and do such obscure things, just to be able to safely use their computer. And what you don't understand is that most people just plain won't do it! Your post is exactly why Linux will never be ready for the desktop!

Ominous Prelude (1)

GMonkeyLouie (1372035) | more than 5 years ago | (#25850141)

Do you ever think about the potentially catastrophically apocalyptic events that could be heralded by the phrase, "The Pentagon has suffered from a cyber attack"? I shudder to think of various blue screens of death and then the weapons systems hijacked by Obvious Trolls and turned on X. Suddenly the internet becomes "serious business".

Better ban email to (2, Insightful)

Synn (6288) | more than 5 years ago | (#25850163)

Because a virus can come from there as well. Along with web access, usenet access, ftp access.... might just as well unplug the network cable just to be safe.

Or they could install an OS that wasn't insecure by design.

Re:Better ban email to (1)

pixelpusher220 (529617) | more than 5 years ago | (#25850785)

one slight difference, email is external, so has to pass through filters and gateways to every get inside the organization.

USB drives start out *inside*.

Systems are generally pretty well hardened against external threats, or at least to the point of diminishing returns. It's the internal threats that are wildly unaddressed in many cases.

Re:Better ban email to (1)

rrohbeck (944847) | more than 5 years ago | (#25850845)

Only if your email client allows it.
Who needs anything beyond plain text in an email?

All email IS plain text (1)

mangu (126918) | more than 5 years ago | (#25851077)

Who needs anything beyond plain text in an email?

The SMTP standard used for sending email does not support anything but plain text. What you see as binary attachments are actually encoded as plain text.

The problem with email executable attachments is not in the email itself, but in the piss-poor operating system most people use, which runs with superuser rights most of the time. In a superior OS, like Linux for instance, a virus in an email attachment wouldn't have privileges to infect anything but the user's own directory.

RIAA..... (1, Interesting)

Anonymous Coward | more than 5 years ago | (#25850175)

Sounds like a tactic the RIAA would use.. Find a way to penetrate, and make portable drives look evil. Everyone knows external drives = piracy, so what better way than to get it banned by the Pentagon. Slowly it will be illegal to even make them!

Ohh RIAA, when will you be crushed? What next, banning torrenting at the Pentagon? Sheesh!

commercial malware? (2, Funny)

bl8n8r (649187) | more than 5 years ago | (#25850231)

ftfa: "Due to the presence of commercial malware.."
So.. this was malware someone purchased?

Re:commercial malware? (1)

Hognoxious (631665) | more than 5 years ago | (#25850313)

this was malware someone purchased?

Yes. Not necessarily the person who runs it, but being the DoD you can't rule that out.

Does it really need to be said? (1)

NoobixCube (1133473) | more than 5 years ago | (#25850235)

I'm very surprised it hasn't been already. It probably will have been by the time this gets posted though. "This wouldn't be happening if they were using Linux!"

An actual case where Linux solved this problem (5, Informative)

TheModelEskimo (968202) | more than 5 years ago | (#25850255)

Dave Richards, the administrator of the Largo, Florida computer network, came up against this problem. He made the system mount USB disks as FTP shares, and made the file browser hide any executable files on the share so they couldn't be transferred.http://davelargo.blogspot.com/2008/02/hp-thin-clients-and-usb-access-for.html [blogspot.com]

I'm not surprised the DoD just completely shut the door on these things, but I think that for most admins, a solution like Dave's would be a really good compromise.

Re:An actual case where Linux solved this problem (1)

logjon (1411219) | more than 5 years ago | (#25850279)

Maybe this will help open their eyes...but I doubt it.

Re:An actual case where Linux solved this problem (1)

Marc Desrochers (606563) | more than 5 years ago | (#25850767)

The next day, userx who has a little bit of know-how has gone home renamed said .exe file to .ex!, comes into work the next day, copies it to his desktop, renames it again, runs it and infects himself.

Re:An actual case where Linux solved this problem (1)

TheModelEskimo (968202) | more than 5 years ago | (#25850983)

That's worth considering. I wonder what sort of protections could be put in place to make it less viable. Of course, once you've done something that devious on your work computer network, I'd say you pretty much better assume that if caught you would be fired.

Windows.... (1)

mlwmohawk (801821) | more than 5 years ago | (#25850283)

Mark my words, it is because of Windows. If Linux or BSD based systems were predominant in the Pentagon, this would not be an issue.

The world, the U.S.A. is so screwed up. We all know what the problems are, but we can't address them because no one in position of power will discuss them.

Re:Windows.... (1, Informative)

negRo_slim (636783) | more than 5 years ago | (#25850559)

Mark my words, it is because of Windows. If Linux or BSD based systems were predominant in the Pentagon, this would not be an issue.

The world, the U.S.A. is so screwed up. We all know what the problems are, but we can't address them because no one in position of power will discuss them.

Let me play the troll here... and agree with you, how absurd it would be for our own military to purchase software from one of our premier software companies. A company that provides a consistent tax revenue and employment opportunities. and as others have pointed out, no malicious agents would dare sully the name of the *nix by writing custom software to go after a high profile target like the US military and it's related assets.

Re:Windows.... (1)

Todd Knarr (15451) | more than 5 years ago | (#25850827)

And if they did write such software, they'd surely not survive the ridicule and public humiliation of having their efforts graded against standards developed over 30 years of malicious pranksters with Computer Science degrees and way too much time on their hands trying to get access to the system to guarantee themselves an A (or at least get copies of the professor's answer sheet for the final). Which is in the end the reason Unix is more resistant to attack than Windows: Windows attempts to add security to a system developed for a trusted environment, while Unix is adding convenience onto a system developed for a fundamentally hostile environment.

Re:Windows.... (1)

mlwmohawk (801821) | more than 5 years ago | (#25851003)

how absurd it would be for our own military to purchase software from one of our premier software companies.

Who has a world famous reputation for poor performance, reliability, and security.

A company that provides a consistent tax revenue and employment opportunities.

Security != Money. Damn it! Just because a company is profitable does not mean it has a good product.

no malicious agents would dare sully the name of the *nix by writing custom software to go after a high profile target like the US military and it's related assets.

I refuse to buy that hogwash. It isn't about popularity or anything like that, it is about inherent security and the difficulty with which compromises are developed. It is far far harder to compromise Linux or BSD system.

I'm not saying they don't exist, but I also refute the equivocation argument that all security vulnerabilities are equal. Windows is insecure at the system level where as Linux and BSD tend to only be insecure at the service level which is easier to administer.

Re:Windows.... (3, Interesting)

Jamie's Nightmare (1410247) | more than 5 years ago | (#25850613)

Get real. Security all comes down to the person who's task it is to implement it. Running Unix (or any compatible rip off) only gives you an additional layer of security through obscurity . Sorry fanboys, it's true. It's not a end all solution, and you would still need someone to take the time to plan for any possible security breach. Obviously, that includes any media (CDs, FlashDrives, Floppies) attached to the system. This isn't the first military fuckup, now you want to blame Microsoft instead of the brass simply because you think it's a chance to expand your following. Please.

Bingo! (2, Interesting)

snspdaarf (1314399) | more than 5 years ago | (#25850979)

Get real. Security all comes down to the person who's task it is to implement it.

Years ago, I was on a DoD facility where scheduling was being done on a UNIX box. Everyone there used the console for their work, everyone used the root account to do their work, and the password was written in on the first page of the book marked "Procedures" that was beside the console.

Re:Bingo! (1)

mlwmohawk (801821) | more than 5 years ago | (#25851127)

Years ago, I was on a DoD facility where scheduling was being done on a UNIX box. Everyone there used the console for their work, everyone used the root account to do their work, and the password was written in on the first page of the book marked "Procedures" that was beside the console.

I call this a lie. There is no way this would happen in a DoD shop.

Re:Windows.... (1)

mlwmohawk (801821) | more than 5 years ago | (#25851093)

Security all comes down to the person who's task it is to implement it.

To a point this is true, however, Windows is far more insecure to begin with.

Running Unix (or any compatible rip off) only gives you an additional layer of security through obscurity .

Not true at all. It gives you an over-all more secure base from which to begin.

Sorry fanboys, it's true.

No it isn't.

Obviously, that includes any media (CDs, FlashDrives, Floppies) attached to the system.

Why? Why would those devices be a security breach unless a brain-dead operating system looked for "autorun.exe?"

ow you want to blame Microsoft instead of the brass simply because you think it's a chance to expand your following.

No, it is because Windows starts out insecure and UNIX starts out secure. There is a fundimental limit you reach with Windows and security. It gets to the point where you can't even use it. With Linux or BSD a use can use the system as an untrusted user.

I could get a virus on my Linux box, but it couldn't install itself or destroy system areas.

Re:Windows.... (1)

ShadowRangerRIT (1301549) | more than 5 years ago | (#25851031)

I worked for DoD. I ran Solaris Unix, and every other machine in the office ran that or Linux. Every machine is vulnerable to someone with physical access; blaming this on Windows is stupid and pointless.

Re:Windows.... (1)

mlwmohawk (801821) | more than 5 years ago | (#25851223)

blaming this on Windows is stupid and pointless.

Yes, of course, how many Solaris or Linux viruses are there?

I do not buy the hogwash equivocation argument that all security vulnerabilities are the same. There are degrees and there are levels of ease of deployment.

If a 12 year old script kiddie can exploit a windows system easily, but it takes a 20 year software security expert to exploit a UNIX system, I'd call that different.

Not News (1)

Anonymous Coward | more than 5 years ago | (#25850291)

U.S. Intelligence Agencies have been doing this for years. No cell phones, CD's, flash drives, or any other digital media. This is odd that the DoD is just now starting to do this since the other agencies are part of the Central Intelligence Services which is under the umbrella of the DoD.

Re:Not News (3, Interesting)

Ungrounded Lightning (62228) | more than 5 years ago | (#25850633)

Intelligence agencies did it to eliminate data paths out of the agency. DoD is doing it to eliminate malware paths into and within the agency.

Re:Not News (1)

Whorhay (1319089) | more than 5 years ago | (#25851215)

Actually the military and civilian DoD sites I have been to that actually work with more important military systems were already in theory locked down like this. People just always figured since their usb drive didn't have a battery it didn't count as a personal electronic device. If you read the rules and understood their intent it was already obvious that you shouldn't be bringing that kind of thing in to work.

Worms through Media? (1)

mfh (56) | more than 5 years ago | (#25850297)

This had better not include the overseas forces. What would our poor soldiers do when they have downtime? Isn't their quality of life bad enough? Now they can't even watch videos of their families waving at them and showing them homemade delicious cake. Believe me, those vids get previewed at the DOD before they get shipped over, so now there is either a greater risk to the stuff arriving in the field, or there is another big problem on the horizon to do with morale.

The debilitating virus is Windows! (5, Funny)

David Gerard (12369) | more than 5 years ago | (#25850369)

Yesterday, a terrorist attack on the NHS [today.com] brought three London hospitals to a halt.

The terrorists, representing an organisation calling itself "Microsoft," apparently used insecure third-party contractors to put a virus-running platform called "Windows" into critical systems in the hospitals, in order to extort money from them on an annual basis.

It is understood that a large percentage of all businesses are infected with the virus, wasting up to 25% of employees' working time and opening the companies to further attacks from related criminal organisations demanding to see all their licenses.

The virus in question, W32.SHILL/ZDNET, takes over the host's IT systems, leading to aches, pains, nausea, vomiting, pumping out prodigious quantities of faeces and a terrible compulsion to spread the infection to others. The patient also walks with a shuddering stumble and asks for their hospital meal to include tasty, tasty brains. Recovery has commenced when they have an overwhelming urge to throw their computer out of the window. "Getting this stuff out of the system makes MRSA look like a walk in the park," said one cleaner, waving his shit-encrusted hands about for emphasis.

When the infection became known, ambulances were diverted to other hospitals. "We have maintained a safe environment for our patients throughout the incident," said a spokesman for Barts NHS Trust, "keeping them in the Clostridium difficile culturing lab rather than risking exposing them to 'Windows.'"

Skynet (2, Funny)

GottliebPins (1113707) | more than 5 years ago | (#25850531)

Skynet became self-aware at 2:14am EDT. By the time Skynet became self-aware, it had spread into millions of computer servers across the planet. Ordinary computers in office buildings, dorm rooms, everywhere. It was software in cyberspace. There was no system core. It could not be shut down.

The V.A. is ahead of DOD (2, Interesting)

602 (652745) | more than 5 years ago | (#25850659)

The V.A.--at least the healthcare part of it-- banned these months ago to prevent data from wandering away..

DoD needs a security nazi ( soup nazi style ) (2, Funny)

unix_geek_512 (810627) | more than 5 years ago | (#25850799)

DoD needs a security nazi ( soup nazi style ).

Since I am the 2nd most paranoid person on earth I hereby nominate myself.

Semper Fi, carry on.

Re:DoD needs a security nazi ( soup nazi style ) (1)

Amertune (1073838) | more than 5 years ago | (#25850879)

DoD needs a security nazi ( soup nazi style ).

Since I am the 2nd most paranoid person on earth I hereby nominate myself.

Semper Fi, carry on.

No security for you!

Insider perspective... (2)

soulsteal (104635) | more than 5 years ago | (#25850829)

I work as an IT contractor for the USAF and what it boils down to is muddied interpretations and lack of discipline. They already have regulations stating what you can and cannot do with data coming in and out of the work place. No, you're not allowed to bring a floppy in from home. No, you're not allowed to take a government floppy home with you. The same regulations should, by default, extend to CD/DVD/USB/any and all media but since they're not specifically written that way, people could quote the AFI back and say it was allowed. This new ban is merely a clarification to close the loophole.

Did they swat a fly with a nuclear bomb? Sure.
Has it worked? So far.

USB/Flash Media not "All Media" (1)

sholsinger (1131365) | more than 5 years ago | (#25850909)

The DoD issued a policy that disables USB devices such as cameras, flash drives, SD cards, etc. DVD-Rom discs and other optical media are still usable. Additionally I haven't actuallly seen any offical memo regarding the matter. Just a notice from the local sysadmins that it had happened.

Fox News!!! (0)

Anonymous Coward | more than 5 years ago | (#25851067)

Since when is fox news a Credible source !!!!

Signed Executables (1)

Detritus (11846) | more than 5 years ago | (#25851085)

Why isn't the federal government using an operating system that refuses to load or execute any programs that do not have an authorized digital signature from an agency security officer? Anything that hasn't been tested and approved, no matter where it came from, never gets the chance to run.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...